"""
Case Type   : gs_checkse工具功能
Case Name   : 验证gs_checkse的A2检测项确保日志归档目录权限最小化检测与修复成功
Create At   : 2024/10/24
Owner       : lihongji
Description :
    1.开启数据库归档
    2.修改日志归档目录权限为0701后检测A2项
    3.修复A2不符合安全规范项目后再次检测
    4.修改日志归档目录权限为0702后检测A2项
    5.修复A2不符合安全规范项目后再次检测
    6.修改日志归档目录权限为0704后检测A2项
    7.修复A2不符合安全规范项目后再次检测
    8.修改日志归档目录权限为0710后检测A2项
    9.修复A2不符合安全规范项目后再次检测
    10.修改日志归档目录权限为0720后检测A2项
    11.修复A2不符合安全规范项目后再次检测
    12.修改日志归档目录权限为0740后检测A2项
    13.修复A2不符合安全规范项目后再次检测
Expect      :
    1.设置数据库归档成功
    2.修改目录权限成功并给出告警信息
    3.无告警信息
    4.修改目录权限成功并给出告警信息
    5.无告警信息
    6.修改目录权限成功并给出告警信息
    7.无告警信息
    8.修改目录权限成功并给出告警信息
    9.无告警信息
    10.修改目录权限成功并给出告警信息
    11.无告警信息
    12.修改目录权限成功并给出告警信息
    13.无告警信息
History     :
"""
import os
import unittest

from testcase.utils.Logger import Logger
from testcase.utils.Common import Common
from testcase.utils.CommonSH import CommonSH
from testcase.utils.Constant import Constant
from yat.test import Node
from yat.test import macro


class GS_CHECKSE(unittest.TestCase):
    def setUp(self):
        self.log = Logger()
        self.log.info(f'----{os.path.basename(__file__)} start----')
        self.primaryNode = Node('PrimaryDbUser')
        self.sh_primary = CommonSH('PrimaryDbUser')
        self.constant = Constant()
        self.common = Common()
        self.env_path = macro.DB_ENV_PATH
        self.archive_path = os.path.join(
            os.path.dirname(macro.DB_INSTANCE_PATH), 'app', 'archive')
        self.archive_command = os.path.join(self.archive_path, '%f')

    def test_gscheckse(self):
        step = '----step1:开启数据库归档  expect:开启数据库归档成功----'
        self.log.info(step)
        mkdir = (f'if [ ! -d {self.archive_path} ]; '
                 f'then mkdir -p {self.archive_path}; fi')
        self.log.info(mkdir)
        self.common.get_sh_result(self.primaryNode, mkdir)
        wal_level = self.sh_primary.execute_gsguc(
            'set', self.constant.GSGUC_SUCCESS_MSG, "wal_level=archive")
        archive_mode = self.sh_primary.execute_gsguc(
            'set', self.constant.GSGUC_SUCCESS_MSG, "archive_mode=on")
        hot_standby = self.sh_primary.execute_gsguc(
            'set', self.constant.GSGUC_SUCCESS_MSG, "hot_standby=off")
        archive_command = self.sh_primary.execute_gsguc(
            'set', self.constant.GSGUC_SUCCESS_MSG,
            f"archive_command = 'cp --remove-destination %p "
            f"{self.archive_command}'")
        restart_msg = self.sh_primary.restart_db_cluster()
        self.assertTrue(wal_level)
        self.assertTrue(archive_mode)
        self.assertTrue(hot_standby)
        self.assertTrue(archive_command)
        self.assertTrue(restart_msg)

        step = ('----step1:修改日志归档目录权限为0701后检测A2项  '
                'expect:修改目录权限成功并给出告警信息----')
        self.log.info(step)
        gs_checkse_cmd = (f"source {self.env_path};"
                          f"chmod 0701 {self.archive_path};"
                          f"gs_checkse -i A2 --detail")
        self.log.info(gs_checkse_cmd)
        check_res = self.common.get_sh_result(self.primaryNode, gs_checkse_cmd)
        self.assertIn("Ensure minimal permissions for log archive "
                      "directories", check_res, '执行失败' + step)

        step = '----step2:修复A2不符合安全规范项目后再次检测  expect:无告警信息----'
        self.log.info(step)
        gs_checkse_cmd = (f'source {self.env_path};'
                          f'gs_checkse -i B2 --detail;'
                          f'gs_checkse -i A2 --detail;'
                          f'find {self.archive_path} -prune \( ! -user '
                          f'{self.primaryNode.ssh_user} -o ! -group '
                          f'{self.primaryNode.ssh_user} -o -perm /g=rwx,'
                          f'o=rwx \)')
        self.log.info(gs_checkse_cmd)
        check_res = self.common.get_sh_result(self.primaryNode, gs_checkse_cmd)
        self.assertNotIn("Ensure minimal permissions for log archive "
                         "directories", check_res, '执行失败' + step)
        self.assertNotIn(self.archive_path, check_res, '执行失败' + step)

        step = ('----step3:修改日志归档目录权限为0702后检测A2项  '
                'expect:修改目录权限成功并给出告警信息----')
        self.log.info(step)
        gs_checkse_cmd = (f"source {self.env_path};"
                          f"chmod 0702 {self.archive_path};"
                          f"gs_checkse -i A2 --detail")
        self.log.info(gs_checkse_cmd)
        check_res = self.common.get_sh_result(self.primaryNode, gs_checkse_cmd)
        self.assertIn("Ensure minimal permissions for log archive "
                      "directories", check_res, '执行失败' + step)

        step = '----step4:修复A2不符合安全规范项目后再次检测  expect:无告警信息----'
        self.log.info(step)
        gs_checkse_cmd = (f'source {self.env_path};'
                          f'gs_checkse -i B2 --detail;'
                          f'gs_checkse -i A2 --detail;'
                          f'find {self.archive_path} -prune \( ! -user '
                          f'{self.primaryNode.ssh_user} -o ! -group '
                          f'{self.primaryNode.ssh_user} -o -perm /g=rwx,'
                          f'o=rwx \)')
        self.log.info(gs_checkse_cmd)
        check_res = self.common.get_sh_result(self.primaryNode, gs_checkse_cmd)
        self.assertNotIn("Ensure minimal permissions for log archive "
                         "directories", check_res, '执行失败' + step)
        self.assertNotIn(self.archive_path, check_res, '执行失败' + step)

        step = ('----step5:修改日志归档目录权限为0704后检测A2项  '
                'expect:修改目录权限成功并给出告警信息----')
        self.log.info(step)
        gs_checkse_cmd = (f"source {self.env_path};"
                          f"chmod 0704 {self.archive_path};"
                          f"gs_checkse -i A2 --detail")
        self.log.info(gs_checkse_cmd)
        check_res = self.common.get_sh_result(self.primaryNode, gs_checkse_cmd)
        self.assertIn("Ensure minimal permissions for log archive "
                      "directories", check_res, '执行失败' + step)

        step = '----step6:修复A2不符合安全规范项目后再次检测  expect:无告警信息----'
        self.log.info(step)
        gs_checkse_cmd = (f'source {self.env_path};'
                          f'gs_checkse -i B2 --detail;'
                          f'gs_checkse -i A2 --detail;'
                          f'find {self.archive_path} -prune \( ! -user '
                          f'{self.primaryNode.ssh_user} -o ! -group '
                          f'{self.primaryNode.ssh_user} -o -perm /g=rwx,'
                          f'o=rwx \)')
        self.log.info(gs_checkse_cmd)
        check_res = self.common.get_sh_result(self.primaryNode, gs_checkse_cmd)
        self.assertNotIn("Ensure minimal permissions for log archive "
                         "directories", check_res, '执行失败' + step)
        self.assertNotIn(self.archive_path, check_res, '执行失败' + step)

        step = ('----step7:修改日志归档目录权限为0710后检测A2项  '
                'expect:修改目录权限成功并给出告警信息----')
        self.log.info(step)
        gs_checkse_cmd = (f"source {self.env_path};"
                          f"chmod 0710 {self.archive_path};"
                          f"gs_checkse -i A2 --detail")
        self.log.info(gs_checkse_cmd)
        check_res = self.common.get_sh_result(self.primaryNode, gs_checkse_cmd)
        self.assertIn("Ensure minimal permissions for log archive "
                      "directories", check_res, '执行失败' + step)

        step = '----step8:修复A2不符合安全规范项目后再次检测  expect:无告警信息----'
        self.log.info(step)
        gs_checkse_cmd = (f'source {self.env_path};'
                          f'gs_checkse -i B2 --detail;'
                          f'gs_checkse -i A2 --detail;'
                          f'find {self.archive_path} -prune \( ! -user '
                          f'{self.primaryNode.ssh_user} -o ! -group '
                          f'{self.primaryNode.ssh_user} -o -perm /g=rwx,'
                          f'o=rwx \)')
        self.log.info(gs_checkse_cmd)
        check_res = self.common.get_sh_result(self.primaryNode, gs_checkse_cmd)
        self.assertNotIn("Ensure minimal permissions for log archive "
                         "directories", check_res, '执行失败' + step)
        self.assertNotIn(self.archive_path, check_res, '执行失败' + step)

        step = ('----step9:修改日志归档目录权限为0720后检测A2项  '
                'expect:修改目录权限成功并给出告警信息----')
        self.log.info(step)
        gs_checkse_cmd = (f"source {self.env_path};"
                          f"chmod 0720 {self.archive_path};"
                          f"gs_checkse -i A2 --detail")
        self.log.info(gs_checkse_cmd)
        check_res = self.common.get_sh_result(self.primaryNode, gs_checkse_cmd)
        self.assertIn("Ensure minimal permissions for log archive "
                      "directories", check_res, '执行失败' + step)

        step = '----step10:修复A2不符合安全规范项目后再次检测  expect:无告警信息----'
        self.log.info(step)
        gs_checkse_cmd = (f'source {self.env_path};'
                          f'gs_checkse -i B2 --detail;'
                          f'gs_checkse -i A2 --detail;'
                          f'find {self.archive_path} -prune \( ! -user '
                          f'{self.primaryNode.ssh_user} -o ! -group '
                          f'{self.primaryNode.ssh_user} -o -perm /g=rwx,'
                          f'o=rwx \)')
        self.log.info(gs_checkse_cmd)
        check_res = self.common.get_sh_result(self.primaryNode, gs_checkse_cmd)
        self.assertNotIn("Ensure minimal permissions for log archive "
                         "directories", check_res, '执行失败' + step)
        self.assertNotIn(self.archive_path, check_res, '执行失败' + step)

        step = ('----step11:修改日志归档目录权限为0740后检测A2项  '
                'expect:修改目录权限成功并给出告警信息----')
        self.log.info(step)
        gs_checkse_cmd = (f"source {self.env_path};"
                          f"chmod 0740 {self.archive_path};"
                          f"gs_checkse -i A2 --detail")
        self.log.info(gs_checkse_cmd)
        check_res = self.common.get_sh_result(self.primaryNode, gs_checkse_cmd)
        self.assertIn("Ensure minimal permissions for log archive "
                      "directories", check_res, '执行失败' + step)

        step = '----step12:修复A2不符合安全规范项目后再次检测  expect:无告警信息----'
        self.log.info(step)
        gs_checkse_cmd = (f'source {self.env_path};'
                          f'gs_checkse -i B2 --detail;'
                          f'gs_checkse -i A2 --detail;'
                          f'find {self.archive_path} -prune \( ! -user '
                          f'{self.primaryNode.ssh_user} -o ! -group '
                          f'{self.primaryNode.ssh_user} -o -perm /g=rwx,'
                          f'o=rwx \)')
        self.log.info(gs_checkse_cmd)
        check_res = self.common.get_sh_result(self.primaryNode, gs_checkse_cmd)
        self.assertNotIn("Ensure minimal permissions for log archive "
                         "directories", check_res, '执行失败' + step)
        self.assertNotIn(self.archive_path, check_res, '执行失败' + step)

    def tearDown(self):
        step = '----step13:恢复环境 expect:成功----'
        self.log.info(step)
        recover = (f'source {self.env_path};'
                   f'chmod 0700 {self.archive_path};'
                   f'find {self.archive_path} -prune \( ! -user '
                   f'{self.primaryNode.ssh_user} -o ! -group '
                   f'{self.primaryNode.ssh_user} -o -perm /g=rwx,'
                   f'o=rwx \)')
        self.log.info(recover)
        recover_res = self.common.get_sh_result(self.primaryNode, recover)
        wal_level = self.sh_primary.execute_gsguc(
            'set', self.constant.GSGUC_SUCCESS_MSG, "wal_level=hot_standby")
        archive_mode = self.sh_primary.execute_gsguc(
            'set', self.constant.GSGUC_SUCCESS_MSG, "archive_mode=off")
        restart = f'source {macro.DB_ENV_PATH};' \
                  f'gs_om -t restart;'
        self.primaryNode.sh(restart).result()
        self.log.info(restart)
        self.assertTrue(archive_mode)
        self.assertTrue(wal_level)
        self.assertNotIn(self.archive_path, recover_res, '执行失败' + step)
        self.log.info(f'----{os.path.basename(__file__)} end----')